Techdirt. Stories filed under "dea"Easily digestible tech news...https://www.techdirt.com/
en-usTechdirt. Stories filed under "dea"https://ii.techdirt.com/s/t/i/td-88x31.gifhttps://www.techdirt.com/Mon, 9 Feb 2015 09:15:00 PST100 Million Pennies For Your Thoughts? DEA Hands MuckRock A $1.4 Million Estimate For Responsive DocumentsTim Cushinghttps://www.techdirt.com/articles/20150206/15434529942/100-million-pennies-your-thoughts-dea-hands-muckrock-14-million-estimate-responsive-documents.shtml
https://www.techdirt.com/articles/20150206/15434529942/100-million-pennies-your-thoughts-dea-hands-muckrock-14-million-estimate-responsive-documents.shtml
The EFF recently kicked off a contest for the "most outrageous response to a Freedom of Information Act request" and we already have a frontrunner for the first inaugural "Foilie." MuckRock's loose confederation of FOIA rabblerousers has been hit with a $1.4 million price tag for John Dyer's request for documents related to the "localization and capture" of Mexican drug lord "El Chapo." (Or Joaquin Guzman, as he was presumably known to his mom.)

The price tag for the requested documents is almost absurdly high. Almost. There are some mitigating factors that might keep this request from snagging the coveted "Foilie." For one, there's a whole lot of responsive documents.

In fairness, the request is quite broad in scope, and the estimated 13,051 case files would create considerable workload.

But on the other hand, the estimate seems to have been pulled out of thin air, rather than based on any actual calculations.

But assuming that $200,000 of that fee came from photocopying (which would put the total number of pages at two million), that would put the time estimate at over 40,000 hours, or 1785 days. That's almost five years of constant work without breaks.

And while $1.4 million may be pocket change for an agency with a budget in the low billions, it's a much bigger number than MuckRock's system is built to handle. Attempting to punch this estimated total into the "Cost" field returned a "What is this? A phone number??!?" error.

Naturally, the DEA has denied MuckRock's requested fee waiver, citing a whole page worth of reasons, but really mainly because there's no way it would kick 13,000 documents loose without collecting a substantial amount from the requester. On the other hand, this sky-high fee runs counter to the intended purpose of the Freedom of Information laws: to "free information." That doesn't mean it should necessarily be "free," but it does mean that agencies are supposed to do their best to ensure the public isn't priced out of accessing information.

This request will have to be narrowed considerably if MuckRock hopes to obtain anything on this subject from the DEA. While it does have crowdfunding options, the chances of donors putting together over a million dollars seems unlikely. And the DEA itself could use some guidance on putting together fee estimates, seeing as some simple math exposes how its $1.4 million quote is completely unmoored from reality.

Permalink | Comments | Email This Story
]]>one-agency's-pocket-change-is-another-entity's-small-fortunehttps://www.techdirt.com/comment_rss.php?sid=20150206/15434529942Wed, 28 Jan 2015 08:12:56 PSTDEA Collecting Massive Database Of Your Driving Habits In Secret, Using License Plate ReadersMike Masnickhttps://www.techdirt.com/articles/20150127/18110029835/dea-collecting-massive-database-your-driving-habits-secret-using-license-plate-readers.shtml
https://www.techdirt.com/articles/20150127/18110029835/dea-collecting-massive-database-your-driving-habits-secret-using-license-plate-readers.shtmlgiant database of metadata on phone calls (with less oversight than the NSA), how it has embedded telco employees who are able to snoop on subscribers in real-time for the DEA, how the DEA is deeply involved in parallel construction (using intelligence info collected under questionable means to arrest someone and then to hide or lie to judges about that information), how it paid a secretary at Amtrak $850,000 to give them all of Amtrak's passenger lists, how it was (with the NSA) recording every single phone call in the Bahamas and, finally, how it was impersonating people on Facebook.

And now, the latest is that the DEA has been building a massive database of your travel habits using automatic license plate readers. These license plate readers have been used increasingly by law enforcement, and the ACLU has been tracking their growing usage for years. A year ago, we wrote about Homeland Security putting out a call for a national license plate reader program, resulting in public outrage. While it eventually scrapped those public plans, we noted at the time that DHS still had access to plenty of other databases of license plate reader data, including one in ICE (Immigrations and Customs Enforcement).

But the latest news is that the DEA also had a huge database of this info as well:

The new DEA records that we received are heavily redacted and incomplete, but they provide the most complete documentation of the DEA’s database to date. For example, the DEA has previously testified that its license plate reader program began at the southwest border crossings, and that the agency planned to gradually increase its reach; we now know more about to where it has grown. The DEA had previously suggested that “other sources” would be able to feed data into the database; we now know about some of the types of agencies collaborating with the DEA.

The documents uncovered by our FOIA request provide additional details, but their usefulness is limited by the DEA’s decision to provide only documents that are undated or years old. If the DEA’s collection of location information is as extensive as the agency has suggested in its limited comments to legislatures, the public deserves a more complete and comprehensive explanation than the smattering of records we have obtained can provide.

These records do, however, offer documentation that this program is a major DEA initiative that has the potential to track our movements around the country. With its jurisdiction and its finances, the federal government is uniquely positioned to create a centralized repository of all drivers’ movements across the country — and the DEA seems to be moving toward doing just that. If license plate readers continue to proliferate without restriction and the DEA holds license plate reader data for extended periods of time, the agency will soon possess a detailed and invasive depiction of our lives (particularly if combined with other data about individuals collected by the government, such as the DEA’s recently revealed bulk phone records program, or cell phone information gleaned from U.S. Marshals Service’s cell site simulator-equipped aircraft ). Data-mining the information, an unproven law enforcement technique that the DEA has begun to use here, only exacerbates these concerns, potentially tagging people as criminals without due process.

Among the information the ACLU's new documents show, is that the DEA already taps into other agencies' license plate reader databases, including local law enforcement and federal agencies like those in DHS. The records the ACLU obtained note that there were over 343 million records in the database (but the redactions on the document obscure the date of that finding, so it's likely much larger today).

Oh, and then there's this: one of the main points of the program is to help law enforcement steal seize things from the public:

A spokesman for Justice Department, which includes the DEA, said the program complies with federal law. “It is not new that the DEA uses the license-plate reader program to arrest criminals and stop the flow of drugs in areas of high trafficking intensity,’’ the spokesman said.

That's a bullshit response on any number of levels. It may not be new that the DEA is using the technology, but the extent of its usage, and the efforts it has taken to keep it secret are new. On top of that, the fact that its primary purpose is to help with seizures is a pretty big deal, especially given the rest of what the DEA has been doing lately. It makes you wonder if there's any oversight at all on this stuff.

Permalink | Comments | Email This Story
]]>disband-the-deahttps://www.techdirt.com/comment_rss.php?sid=20150127/18110029835Fri, 23 Jan 2015 12:40:00 PSTDOJ Pays $134,000 To Settle Case Of DEA Agents Impersonating A Woman On FacebookMike Masnickhttps://www.techdirt.com/articles/20150122/17532229786/doj-pays-134000-to-settle-case-dea-agents-impersonating-woman-facebook.shtml
https://www.techdirt.com/articles/20150122/17532229786/doj-pays-134000-to-settle-case-dea-agents-impersonating-woman-facebook.shtmlimpersonated a woman on Facebook, even posting photographs of her young children (which they had taken off of her phone), in order to try to track down drug dealers. The woman, Sondra Arquiett, had dated a guy who was convicted of drug dealing, and had herself been charged with letting her boyfriend store some drugs in her apartment, leading to a sentence of probation. DEA agent Timothy Sinnegen then took the photos off of her phone, set up a fake Facebook page pretending to be Arquiett and tried to "friend" people she knew, in trying to track down other drug dealers. Arquiett was totally unaware of this until a friend brought it up, leading her to sue the DEA.

A few days ago, the Justice Department agreed to settle the case, paying her $134,000 for her troubles. As with many settlements, this one includes the government insisting that the settlement is not an admission of any guilt for its actions -- though it also leaves open that Arquiett could seek to get some attorneys' fees as well. Both Facebook and Senator Leahy had criticized the government for this action, and the DOJ promised to review this kind of practice -- though that review is still "ongoing." Either way, in this case, the DOJ realized that it was best to just pay up rather than let the case go much further.

Even so, the statement from the feds is fairly ridiculous:

U.S. Attorney for the Northern District of New York, Richard Hartunian, who previously had defended the agent’s behavior in court filings, issued a statement Tuesday calling the settlement “a fair resolution.” He said it “demonstrates that the government is mindful of its obligation to ensure the rights of third parties are not infringed upon in the course of its efforts to bring those who commit federal crimes to justice.”

Sorry, but if the government is actually "mindful of its obligations to ensure the rights of third parties are not infringed upon," then, uh, it shouldn't have impersonated people in the first place. Hopefully this settlement means it will not do so again in the future.

Permalink | Comments | Email This Story
]]>dea-out-of-controlhttps://www.techdirt.com/comment_rss.php?sid=20150122/17532229786Tue, 20 Jan 2015 03:49:00 PSTAnd Of Course DEA Had Its Own Database Of Metadata On All Calls From Inside The US To Certain Foreign CountriesMike Masnickhttps://www.techdirt.com/articles/20150116/17254729726/course-dea-had-its-own-database-metadata-all-calls-inside-us-to-certain-foreign-countries.shtml
https://www.techdirt.com/articles/20150116/17254729726/course-dea-had-its-own-database-metadata-all-calls-inside-us-to-certain-foreign-countries.shtmlparallel construction, how it had "embedded" AT&T employees who could help the DEA look up any info it needed and how it had its own HEMISPHERE database of call record info going back to 1987.

But it wasn't entirely clear how much information was in that database. And yet, in a recently revealed declaration from a DEA agent, it was revealed that the DEA had a database on every phone call from inside the US to certain countries outside the US, which it could then query using the typical RAS -- "reasonable articulable suspicion" -- standard that the NSA has used to query its giant database as well. That is, rather than targeting just suspicious calls, the DEA got a database of all calls to certain key countries.

This database [REDACTED] consisted of telecommunications metadata obtained from United States telecommunications service providers pursuant to administrative subpoenas served upon the service providers under the provisions of 21 U.S.C. § 876. This metadata related to international telephone calls originating in the United States and calling [REDACTED] designated foreign countries, one of which was Iran, that were determined to have demonstrated a nexus to international drug trafficking and related criminal activities. This metadata consisted exclusively of the initiating telephone number; the receiving telephone number; the date, time, and duration of the call; and the method by which the call was billed.

The program was shut down in September of 2013, just as the NY Times wrote about the program (funny, that...). As Marcy Wheeler notes, there's at least a decent chance this effort was just about trying to support sanctions against Iran (tracking if someone in the US is actually doing business with Iran) rather than drug trafficking. Either way, it shows yet another example of how much the government seems willing to scoop up tons of information on innocent people in hopes that there's a needle in all those stacks of hay.

Permalink | Comments | Email This Story
]]>because-of-course-it-didhttps://www.techdirt.com/comment_rss.php?sid=20150116/17254729726Wed, 22 Oct 2014 14:47:00 PDTSenator Leahy Slams DEA For Impersonating A Woman On FacebookMike Masnickhttps://www.techdirt.com/articles/20141021/17383728896/senator-leahy-slams-dea-impersonating-woman-facebook.shtml
https://www.techdirt.com/articles/20141021/17383728896/senator-leahy-slams-dea-impersonating-woman-facebook.shtmlfurious with the DEA for impersonating a woman, posting pictures from her phone, in an attempt to get evidence concerning a drug dealer. Senator Patrick Leahy has now sent an angry letter to the DOJ about this situation as well.

I am greatly concerned by recent reports that the Drug Enforcement Administration used the
identity of an unsuspecting young woman to create a public Facebook profile to interact with
suspected drug traffickers. This extraordinary tactic placed this woman and her family at risk,
and I expect the Justice Department to reconsider the use of such techniques.

Senator Leahy didn't hold back in explaining just why this whole situation was "appalling."

Viewers of the fake profile, which was only removed from Facebook this month, could believe
the woman was currently involved with illicit activities or was actively cooperating with a law
enforcement investigation. The DEA agent's decision to post suggestive photographs of the
woman as well as pictures of her young child and niece is appalling and placed them at even
greater risk.

I understand that cooperating defendants often provide critical assistance to criminal
investigations. However, the decision to cooperate and the nature of that cooperation is a
decision to be made by the defendant and the defendant alone. Law enforcement agencies should
not risk the safety of innocents or those who are serving their debt to society without their
knowledge or consent. Although the Justice Department has indicated that this incident is under
review, the U.S. Attorney's Office for the Northern District of New York has thus far defended
the practice. I hope the Justice Department will agree that creating an online profile using an
unsuspecting person's identity to communicate with criminals is unethical, potentially
dangerous, and should not be condoned by our nation's law enforcement agencies.

However, remember, this is the very same DOJ which has argued in other cases that violating the terms of service of certain websites is a violation of the CFAA. But, of course, when the government itself does it, in much more appalling situations, they don't seem to think there's any problem.

Permalink | Comments | Email This Story
]]>but-what-will-happenhttps://www.techdirt.com/comment_rss.php?sid=20141021/17383728896Mon, 20 Oct 2014 03:42:00 PDTFacebook To DEA: Hey, No Setting Up Fake AccountsMike Masnickhttps://www.techdirt.com/articles/20141017/16105328863/facebook-to-dea-hey-no-setting-up-fake-accounts.shtml
https://www.techdirt.com/articles/20141017/16105328863/facebook-to-dea-hey-no-setting-up-fake-accounts.shtmlset up a fake profile of a woman who was charged in a case related to drug dealing. The DEA argued that the woman's "consent" to using evidence from her seized cell phone in their investigation included allowing them to (without telling her) set up a Facebook profile in her name, post pictures of hers and other children (from the phone) and "friend" people that the woman knew in real life, in an effort to get more evidence in the drug case. After the story got attention, thanks to a Buzzfeed article, the DOJ said it will "review the practice" of creating such fake Facebook profiles (implying this isn't the only one).

Facebook itself has now stepped into the fracas, noting that the DEA's actions are a "knowing and serious breach" of the site's policies, and that those policies still apply to the government.

Most fundamentally, the DEA's actions threaten the integrity of our community. Facebook strives to maintain a safe, trusted environment where people can engage in authentic interactions with the people they know and meet in real life. Using Facebook to impersonate others abuses that trust and makes people feel less safe and secure when using our service. Indeed, as we have observed at Facebook, such deceptive actions are often used to further harmful conduct, such as trolling, hate speech, scams, bullying, and even domestic violence. This impact is markedly different from undercover investigations conducted in the "real" world.

It further asks that the DEA "immediately confirm that it has ceased all activities on Facebook that involve the impersonation of others or that violate our terms and policies." Of course, I wonder if it would even be possible for Facebook to figure out when the DEA sets up a fake profile, but it appears that this tactic by the DEA may not be usable going forward. You can read the full letter below or download it here (pdf).

Permalink | Comments | Email This Story
]]>not-coolhttps://www.techdirt.com/comment_rss.php?sid=20141017/16105328863Tue, 7 Oct 2014 07:54:46 PDTDEA Impersonated Woman, Set Up Fake Facebook Page, Posted Photos From Her Seized Phone To Make It Look RealMike Masnickhttps://www.techdirt.com/articles/20141006/17572528748/dea-impersonated-woman-set-up-fake-facebook-page-posted-photos-her-seized-phone-to-make-it-look-real.shtml
https://www.techdirt.com/articles/20141006/17572528748/dea-impersonated-woman-set-up-fake-facebook-page-posted-photos-her-seized-phone-to-make-it-look-real.shtmlimpersonating a woman, creating a fake Facebook profile without her knowledge or permission, and posting photos from her seized cell phone, all in order to try to get information from others. The specifics involve a woman, Sondra "Sosa" Arquiett, who was apparently the girlfriend of Jermaine Branford, a guy who was accused of (and eventually pleaded guilty to) drug trafficking. Arquiett was a minor player, charged with basically allowing Branford to use her apartment for storing and processing the cocaine he was trafficking. Arquiett was eventually sentenced to probation.

Where this gets interesting, however, is that Arquiett has now filed a civil suit against the US and DEA agent Timothy Sinnigen, who allegedly set up the fake Facebook account. Arquiett claims she never had a Facebook account, and only found out about the fake DEA one when a friend mentioned something about photos she was posting -- photos that the DEA had from seizing her phone. The details are laid out clearly in the lawsuit. Arquiett was arrested in July of 2010. By August, Sinnegen had set up the fake Facebook profile using information and photos from her phone, without telling Arquiett at all. Arquiett notes that:

The photographs used by Sinnigen included revealing and/or suggestive photographs of Plaintiff, including photographs of the Plaintiff in her bra and panties. Sinnigen also posted photographs of Plaintiff's minor child and her minor niece to Facebook.

The DEA then allegedly used the fake profile to try to contact other acquaintances who may have been involved in drug trafficking. This went on for at least three months before she discovered it. Sinnigen apparently flat out admitted it when confronted about it. Arquiett notes that, beyond the basic invasion of privacy reasons to be concerned, the whole thing may have put her in danger:

... by posing as her on Facebook, Sinnegen had created the appearance that Plaintiff was willfully cooperating in his investigation of the narcotics trafficking ring, thereby placing her in danger.

In the DEA's response to the lawsuit, they admit to setting up the fake profile and contacting possible drug dealers, but insist this is all perfectly fine.

Defendants admit that Plaintiff did
not give express permission for the use of photographs contained on her phone on an undercover
Facebook page, but state the Plaintiff implicitly consented by granting access to the information
stored in her cell phone and by consenting to the use of that information to aid in an ongoing
criminal investigations.

It's one thing to say "use the information seized for investigations" and quite another to "fake my identity and pretend to be me." Furthermore, the response argues:

Plaintiff relinquished any expectation of privacy she may have had to the
photographs contained on her cell phone.

Plaintiff consented to the search of her cell phone.

Plaintiff consented to use of information contained on her cell phone in ongoing
criminal investigations.

Plaintiff cannot establish a violation of her substantive due process rights because
she has not, and cannot, allege that Defendant Sinnigen’s alleged actions were taken with the
absence of a legitimate governmental interest.

Again, consenting to the use of the information is very different from saying "hey, go impersonate me." But, again, this is the DEA we're talking about, and they have quite a bit of history to playing fast and loose with legal boundaries to try to go after folks. Buzzfeed quotes numerous legal experts saying it's a massive stretch to go from consenting to using the information in an investigation, to arguing that means it's okay to impersonate the individual and pretend they're engaged in ongoing conversations with potential drug dealers.

This effort also almost certainly violates Facebook's terms of service, though it's unclear how Facebook feels about law enforcement folks doing so. Either way, it's yet another example of very questionable investigative techniques used online by law enforcement, and the DEA in particular.

Permalink | Comments | Email This Story
]]>extra questionablehttps://www.techdirt.com/comment_rss.php?sid=20141006/17572528748Mon, 25 Aug 2014 13:36:24 PDTNSA Makes Metadata (Including Info On Americans) Available To Domestic Law Enforcement Via 'Google-Like' SearchMike Masnickhttps://www.techdirt.com/articles/20140825/11364228314/nsa-makes-metadata-searches-including-info-americans-available-to-domestic-law-enforcement-via-google-like-search.shtml
https://www.techdirt.com/articles/20140825/11364228314/nsa-makes-metadata-searches-including-info-americans-available-to-domestic-law-enforcement-via-google-like-search.shtmla "Google-like" search engine that the NSA built, called ICREACH, which lets the NSA share a massive trove (at least 850 billion) of "metadata" records not just with others in the NSA or CIA, but with domestic law enforcement and other government agencies including the FBI and the DEA. The database includes records collected via Executive Order 12333, which we recently noted a State Department official revealed as the main program via which the NSA collects its data (and which is not subject to oversight by Congress).

While data collected under 12333 is supposed to be "minimized" to ditch information on "US Persons" we've already noted how backdoor searches get around that. Further, as this report reminds everyone, while "minimized" the NSA still keeps the data, and if someone (say, the DEA or FBI) wants to dig deeper, they can "un-minimize" the data.

However, the documents make clear that it is not only data about foreigners’ communications that are available on the system. Alexander’s memo states that “many millions of…minimized communications metadata records” would be available through ICREACH, a reference to the process of “minimization,” whereby identifying information—such as part of a phone number or email address—is removed so it is not visible to the analyst. NSA documents define minimization as “specific procedures to minimize the acquisition and retention [of] information concerning unconsenting U.S. persons”—making it a near certainty that ICREACH gives analysts access to millions of records about Americans. The “minimized” information can still be retained under NSA rules for up to five years and “unmasked” at any point during that period if it is ever deemed necessary for an investigation.

In other words, there's a decent chance that the FBI and DEA can easily surf through these hundreds of billions of records, and "unmask" people if need be, and then make use of the infamous parallel construction to hide how they first decided to focus on a particular individual or group.

In practice, this could mean that a DEA agent identifies an individual he believes is involved in drug trafficking in the United States on the basis of information stored on ICREACH. The agent begins an investigation but pretends, in his records of the investigation, that the original tip did not come from the secret trove. Last year, Reuters first reported details of parallel construction based on NSA data, linking the practice to a unit known as the Special Operations Division, which Reuters said distributes tips from NSA intercepts and a DEA database known as DICE.

Tampa attorney James Felman, chair of the American Bar Association’s criminal justice section, told The Intercept that parallel construction is a “tremendously problematic” tactic because law enforcement agencies “must be honest with courts about where they are getting their information.” The ICREACH revelations, he said, “raise the question of whether parallel construction is present in more cases than we had thought. And if that’s true, it is deeply disturbing and disappointing.”

And yes, this is "just metadata" but as the Intercept report notes, the NSA's own notes relating to this project reveal just how valuable metadata can be, including noting that it "has been a contribution to virtually every successful rendition of suspects and often, the deciding factor."

An NSA memo noted that PROTON could identify people based on whether they behaved in a “similar manner to a specific target.” The memo also said the system “identifies correspondents in common with two or more targets, identifies potential new phone numbers when a target switches phones, and identifies networks of organizations based on communications within the group.” In July 2006, the NSA estimated that it was storing 149 billion phone records on PROTON.

According to the NSA documents, PROTON was used to track down “High Value Individuals” in the United States and Iraq, investigate front companies, and discover information about foreign government operatives. CRISSCROSS enabled major narcotics arrests and was integral to the CIA’s rendition program during the Bush Administration, which involved abducting terror suspects and flying them to secret “black site” prisons where they were brutally interrogated and sometimes tortured. One NSA document on the system, dated from July 2005, noted that the use of communications metadata “has been a contribution to virtually every successful rendition of suspects and often, the deciding factor.”

Remember Michael Hayden gleefully admitting that the US kills people based on metadata? Well, now it turns out that we "rendition" them on metadata as well. Oh, and contrary to earlier claims about how just a few NSA analysts could examine the metadata, it now looks like tons of other government agencies, including the FBI and DEA have pretty free license to scour the data as well.

Permalink | Comments | Email This Story
]]>easy-peasyhttps://www.techdirt.com/comment_rss.php?sid=20140825/11364228314Tue, 12 Aug 2014 07:43:18 PDTDEA Paid Amtrak Secretary $850,000 To Hand Over Confidential Passenger Lists For No ReasonMike Masnickhttps://www.techdirt.com/articles/20140811/17262128177/dea-paid-amtrak-secretary-850000-to-hand-over-confidential-passenger-lists-no-reason.shtml
https://www.techdirt.com/articles/20140811/17262128177/dea-paid-amtrak-secretary-850000-to-hand-over-confidential-passenger-lists-no-reason.shtmllie about getting info from the intelligence community when it uses it to bust drug dealers -- a system known as parallel construction, which is encouraged throughout the agency. We also know that AT&T (and possibly others) have employees embedded at the DEA to provide it with even faster access to any information that the DEA wants. We've also covered how the DEA often gets unchecked access to private information and has been caught circumventing laws to get medical records without a warrant. The DEA is also the force behind the NSA's recording of every phone call in the Bahamas.

Basically, as bad as the NSA, CIA and FBI may be, the DEA appears to be a pretty massive violator of civil liberties in pursuit of any and all information it can get its hands on. So, given that, it shouldn't be even remotely surprising that the DEA apparently forked over $854,460 to a secretary working for Amtrak to get her to hand over private passenger information for a period of 20 years. Except there is this:

The DEA could have lawfully obtained [this information] for free through a law enforcement network.

Also, it seems worth noting that it took Amtrak's inspector general 20 years to figure all this out, and then the operation decided to let the (unnamed) secretary retire (with $854,460 more than she "earned") rather than face any discipline.

On Monday, the office of Amtrak Inspector General Tom Howard declined to identify the secretary or say why it took so long to uncover the payments. Howard's report on the incident concluded, "We suggested policy changes and other measures to address control weaknesses that Amtrak management is considering." DEA spokesman Matt Barden declined to comment.

So, the DEA wasted nearly a million dollars to get private info that it could have obtained for free -- but which it probably shouldn't be allowed to have without a warrant. And the "rogue" secretary who forked over this info, while padding her own income, gets off without any consequence at all. Good thing she didn't download public domain material from the internet...

Permalink | Comments | Email This Story
]]>uh, wowhttps://www.techdirt.com/comment_rss.php?sid=20140811/17262128177Fri, 18 Jul 2014 19:39:00 PDTFedEx Indicted For Failing To Look Into Its Packages To See If Any Online Pharmacies Were Sending DrugsMike Masnickhttps://www.techdirt.com/articles/20140718/13413227929/fedex-indicted-failing-to-look-into-its-packages-to-see-if-any-online-pharmacies-were-sending-drugs.shtml
https://www.techdirt.com/articles/20140718/13413227929/fedex-indicted-failing-to-look-into-its-packages-to-see-if-any-online-pharmacies-were-sending-drugs.shtmlforfeit $40 million to the US government for shipping drugs from "illegal internet pharmacies." Not that such drugs or pharmacies should be legal (that's a whole different discussion), but it's insane to pin the blame for the shipments on the shipping company, whose sole job is to get packages from point A to point B. In fact, we don't want shipping companies to be liable for what's in packages, because then they have not just the incentive, but the mandate to snoop through all our packages.

Apparently, FedEx was unwilling to fall on its sword and cough up a similar amount to the US government, so the DEA and DOJ have announced they've gotten a grand jury to indict the company for delivering drugs associated with internet pharmacies. You can read the full indictment, which tries to spin a variety of stories into evidence that somehow FedEx "knew" what was in those packages. The indictment does describe FedEx deliveries to vacant homes and parking lots where carloads of people would be waiting.

As early as 2004, FEDEX couriers and customer service agents in Kentucky, Tennessee,
and Virginia expressed safety concerns to their management, including the following: FEDEX trucks
had been stopped on the road by Internet pharmacy customers demanding packages of pills; delivery
addresses included parking lots, schools, and vacant homes where people would wait for deliveries of
drugs; customers would jump on FEDEX trucks and demand Internet pharmacy packages; FEDEX
drivers were threatened if they insisted on delivering a package to the address instead of giving the
package to the customer who demanded it; and customers would use multiple names and identification
documents to pick up packages of drugs.

A FEDEX employee also raised concerns to FEDEX management that some recipients of
Internet pharmacy packages were engaged in "doctor shopping," were "known to be selling and using,"
and that "some of the recipients have overdosed and died."

While that may sound damning, remember this is the DEA/DOJ's spin on things. Even if everything above is true, FedEx's job is to deliver packages, not examine everything inside those packages to make sure they're legal. Even in some of the cases -- as described in the indictment -- where FedEx becomes aware that some of the companies ran into trouble with the DEA for selling drugs illegally, it's hard to see how that means FedEx should automatically drop all business connections with those entities. Presumably, a firm that was caught selling drugs illegally could have other legitimate business to continue and would make use of services like FedEx going forward. It's not FedEx's job to examine everything in those packages.

Furthermore, the company notes that it has long asked the DOJ to provide it with a list of online pharmacies that it shouldn't do business with, so that it didn't have to just guess. The government did not provide the list, and seems to think that FedEx must be psychic (and should know what's in all packages and whether or not they're illegal."

"We have repeatedly requested that the government provide us a list of online pharmacies engaging in illegal activity," [VP Patrick Fitzgerald] said. "Whenever DEA provides us a list of pharmacies engaging in illegal activity, we will turn off shipping for those companies immediately. So far the government has declined to provide such a list."

The criminal case is an unprecedented escalation of a federal crackdown on organizations and individuals to combat prescription drug abuse, said Larry Cote, an attorney and ex-associate chief counsel at the U.S. Drug Enforcement Administration.

“Targeting a company that’s two, three steps removed from the actual doctor-patient, pharmacy-patient relationship is unprecedented,” said Cote....

“The DEA does believe that everyone in the supply chain is responsible and has an obligation to understand where their products are ending up,” said Cote, calling that “a stretch.”

We often talk about secondary liability on the internet, but it's the same basic principal here. The company that's merely acting as the conduit shouldn't be liable for what's traversing over its system. The implications of changing that, and holding a company liable are very serious. It's going to create massive incentives for shipping companies to not just open up and look at what's in our packages, but to also make on-the-fly determinations of whether or not they think it's legal.

Permalink | Comments | Email This Story
]]>say-what-now?https://www.techdirt.com/comment_rss.php?sid=20140718/13413227929Thu, 10 Jul 2014 10:02:00 PDTDEA Gets Unchecked Access To Call Records; Taught To Lie About Where They Got ThemTim Cushinghttps://www.techdirt.com/articles/20140708/10063027815/more-hemisphere-documents-show-drug-warriors-getting-unchecked-access-to-call-records-lying-about-where-they-got-them.shtml
https://www.techdirt.com/articles/20140708/10063027815/more-hemisphere-documents-show-drug-warriors-getting-unchecked-access-to-call-records-lying-about-where-they-got-them.shtml
Shortly after the Snowden leaks began exposing the NSA's massive collection efforts, the New York Times uncovered the DEA's direct access to AT&T telecom switches (via non-government employee "analysts" working for AT&T), from which it and other law enforcement agencies were able to gather phone call and location data.

Unlike the NSA's bulk records programs (which are limited to holding five years worth of data), the Hemisphere database stretches back to 1987 and advertises instant access to "10 years of records." And unlike the NSA's program, there's not even the slightest bit of oversight. All law enforcement needs to run a search of the Hemisphere database is an administrative subpoena -- a piece of paper roughly equivalent to calling up Hemisphere analysts and asking them to run a few numbers. Administrative subpoenas are only subject to the oversight of the agency issuing them.

Unlike the documents obtained by the New York Times (possibly inadvertently), these do contain a few redactions, including some apparent success stories compiled at the end of the presentation. But like the earlier documents, the documents show that the DEA and law enforcement have unchecked access to a database that agents and officers are never allowed to talk about -- not even inside a courtroom.

It is expected that all Hemisphere requests will be paralleled with a subpoena for CDRs from the official carrier for evidentiary purposes.

It's spelled out more explicitly on a later slide, listed under "Official Reporting."

DO NOT mention Hemisphere in any official reports or court documents.

Judging from the request date, it would appear that this version of the Hemisphere presentation possibly precedes the New York Times' version. However, this one does not name the cooperating telco, although that appears to be a deliberate choice of the person writing the presentation, rather than due to redaction. At one point the document declares Hemisphere can access records "regardless of carrier," but later clarifies that it will only gather info that crosses certain telecom switches -- most likely AT&T's. Additional subpoenas will be needed to gather info from other carriers, as well as to obtain subscriber information linked to searched numbers. This small limitation plays right into the DEA's insistence that Hemisphere be "walled off" from defendants, court systems and the public.

If exigent circumstances make parallel construction difficult, Hemisphere analysts (non-government liaisons within the telco) will "continue to work with the investigator throughout the entire prosecution process in order to ensure the integrity of Hemisphere and the case at hand." Analysts are allowed to advise investigators on report writing, presentations to prosecutors and issues occurring during the trial phase. The word "integrity" seems out of place when it describes non-government employees assisting government agencies in hiding the origin of evidence from other government agencies.

Cross-referencing what's been redacted in this one with the unredacted document published earlier, it appears as though the DEA is trying to (belatedly) hide the fact that its Hemisphere can also search IMSI and IMEI data (for wireless connections). Although this document states (after a long redaction) that Hemisphere does not collect subscriber information, that's only partially true. As of July 2012, subscriber information for AT&T customers can be obtained from the database. This information may have been redacted or it may be that this presentation pre-dates this added ability.

What this shows is that the DEA has access to loads of information and a policy of "parallel construction in all things." Tons of other government agencies, including the NSA, FBI and CIA are funneling information to the DEA and instructing it to hide the origin. The DEA then demands law enforcement agencies around the nation to do the same thing. This stacks the deck against defendants, who are "walled off" from the chain of evidence, preventing them from challenging sources, methods or the integrity of the evidence itself.

Permalink | Comments | Email This Story
]]>your-due-process-is-no-match-for-our-Drug-Warhttps://www.techdirt.com/comment_rss.php?sid=20140708/10063027815Thu, 19 Jun 2014 14:05:13 PDTWhy The FBI's New Interview Recording Policy Probably Won't Change AnythingTim Cushinghttps://www.techdirt.com/articles/20140609/10344327526/why-fbis-new-interview-recording-policy-probably-wont-change-anything.shtml
https://www.techdirt.com/articles/20140609/10344327526/why-fbis-new-interview-recording-policy-probably-wont-change-anything.shtml
As was noted here earlier, the FBI took a bold step in towards joining the 21st century by finally implementing audio and video recording hardware introduced in the 20th century. Up until this point, the FBI, along with the DEA and ICE, did not record in-custody interrogations using anything more up-to-date than pen-and-paper. This rendered recollections of interrogations completely suspect, prone to pen-wielder bias and the insertion and removal of context as needed, presumably in order to help secure more convictions for the FBI's entrapment counterterrorism task force.

And, as was also noted, the DOJ's new instructions provided plenty of escape hatches for agents who wished their interrogations to remain as analog as possible. Unrecorded interrogations can still be performed in the event that desirable recording equipment (i.e., a cellphone) isn't available or if the equipment available isn't functioning (batteries missing/unplugged/inadvertently smashed to pieces…).

First, there's the "public safety" exception, which can be triggered when exigent circumstances make unrecorded and (un-Mirandized) interrogations a necessity. These would be questionings normally done in the first few moments of an arrest. But with everyone carrying around a recording device, that exception no longer makes much sense. You no longer have to take a suspect "downtown" in order to record a questioning. The inclusion of this loophole is likely borrowed from pre-existing language, but all it does is create reasons not to record.

[S]ince recording is no longer impracticable, why wouldn't a responsible law enforcement agency want to preserve an unambiguous record? Unlike a public safety exception to Miranda, a public safety exception to recording seems to serve no purpose other than that of affording a loophole that can be exploited for illicit purposes.

The other loophole is much, much larger. It's predicated on the same rationale that has allowed the Constitution to be selectively scrapped over the past dozen years.

The same point applies with even greater force to the exceptions for “national security” and “intelligence, sources, or methods.” If recording is feasible (and that is the only condition in which the recording policy applies), national security and counterterrorism officials can only gain by having an unambiguous record of precisely what a suspect was asked and precisely how he or she answered. Indeed, an official who deliberately chose not to make and preserve a clear record of a national security interrogation would display less dedication than incompetence.

As Schulhofer points out, this exception plays right into the mindset of the FBI, which has refashioned itself into the nation's largest counterterrorism force (putting law enforcement on the back burner). This also plays right into every law enforcement and intelligence agency's fetishization of "intelligence, sources or methods." This is what's conjured up to justify refusals of FOIA requests and to keep new surveillance methods out of the public eye for as long as possible. It's what's used to deny access to returned warrants on closed cases. But for the FBI, it's also a reason to never record anything, just in case. The FBI's intertwined relationship with the NSA -- combined with the last year of leaked documents -- will make any agent extremely wary about leaving behind undisputed records of intelligence-related interviews. But all this will do is make these agencies even more insular and untrustworthy than they already are.

No national security establishment can possibly operate effectively on the basis of unwritten knowledge and word of mouth. If our government has reacted to the Snowden affair by developing an aversion to writing anything down, we are in deep trouble.

"Deep trouble" is where we're headed, if we're not there already. The DOJ has given the FBI, DEA and ICE huge exceptions to the recording policy -- which, it must be noted, aren't actually commands but a "presumptions" -- ones that are particularly prone to exploitation. Over the past decade, we've seen the government exploit the fear of "the next 9/11" to expand power and contract civil liberties. Government agents may now have to act under the "presumption" that custodial interviews will be recorded, but the DOJ has given them a handy list of excuses to use when these recordings fail to happen.

Permalink | Comments | Email This Story
]]>the-loophole-is-a-superhighwayhttps://www.techdirt.com/comment_rss.php?sid=20140609/10344327526Mon, 19 May 2014 11:34:24 PDTNSA Is Recording Every Phone Call... In The Bahamas?!?Mike Masnickhttps://www.techdirt.com/articles/20140519/11214627286/nsa-is-recording-every-phone-call-bahamas.shtml
https://www.techdirt.com/articles/20140519/11214627286/nsa-is-recording-every-phone-call-bahamas.shtmlrecording all phone calls from an unnamed country. The Washington Post chose not to reveal that country, leading many folks to assume that it was going to be a country like Afghanistan, Pakistan or Iraq. Would you believe... that it was actually the Bahamas? Ryan Devereaux, Glenn Greenwald and Laura Poitras have the long and detailed story over at The Intercept, revealing the SOMALGET program, a part of MYSTIC, which recorded every phone call from the Bahamas, not for terrorism, but to be able to hand over information about illegal drugs to the DEA.

According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country's cellular telephone network, enabling it to covertly record and store the "full-take audio" of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month.

Other countries being targeted under MYSTIC, as revealed by the Intercept: Mexico, the Philippines and Kenya. There is also one other, unnamed, country that the US is recording all calls for, but even The Intercept won't reveal that one (noting: "specific, credible concerns that doing so could lead to increased violence"). Either way, this has resulted in plenty of people pointing out that "tourists" and "terrorists" are not the same thing -- while noting that tourism is 60% of GDP in the Bahamas, with 85% of those tourists come from the US. Others have pointed out that, perhaps, the use of the Bahamas was just a convenient testbed where most people wouldn't notice, and where the information could easily be useful for the NSA's partners at the DEA. Though, on that front, Julian Sanchez points out that one of the reasons the NSA got in trouble back in the 1970s with the Church Committee, was because the government used the NSA to evade limits on domestic wiretaps for illegal drugs.

As the report notes, the purpose of SOMALGET seems to have nothing to do with stopping terrorism, but is entirely about helping the DEA in its drug war efforts. And, of course, that also explains how the US was able to set this up. Basically, the DEA has a good relationship with the government in the Bahamas, and when it needed to set up phone taps, it appears that the Bahamas more or less let them bring in their own contractors to set up the phone taps. And, rather than just set it up to tap some individuals, the NSA swooped in and helped those "contractors" tap the entire phone network because... "collect it all." Note how the "cover name" for the MYSTIC access provider is blacked out here:

The report further highlights that the DEA is one of the world's largest intelligence agencies, and often has greater access in a variety of countries, because those countries don't view it as "an intelligence agency" but rather as a drug fighting force. That has helped the NSA piggyback on the DEA for access in multiple countries.

Also, of interest, is the fact that, while the Bahamas is considered a popular place for money laundering and financial institutions to hide taxes, the NSA doesn't seem even remotely interested in that kind of law breaking. Because why bother taking on real crimes when you can focus on busting pot dealers:

Somehow, this kind of stuff doesn't make me feel any safer, as the NSA and its defenders insist. It makes me feel the opposite.

On Jan. 5, 2012, Paul Valin called the police to report he'd found a backpack containing what he believed to be meth-making equipment. That simple act of good citizenship landed his and wife Cindy's house on the National Clandestine Laboratory Register [NCLR], the federal Drug Enforcement Agency's list of meth labs.

Valin spotted a backpack in a river while kayaking. He took it home and opened it up looking for some identification that might point to its owner. Instead, he found tubing and chemicals. Being a good citizen (with nothing to hide), he called local law enforcement who came and removed the backpack… and then put him on a federal list that put his house in the same category as property where drugs had been seized (you know, as opposed to voluntarily and proactively given to police officers).

The NCLR's website openly admits that no federal agency verifies the information being forwarded to it. Valin's house was added to this list by local law enforcement, who filled out a standard form that failed to note that Valin had found the backpack and at no point had the "drug lab" ever crossed the threshold of his house (it had been in the back of Valin's pickup the entire time).

Once Valin was made aware of his home's placement on this list by a local TV reporter, he contacted the DEA in hopes of being delisted.

Valin sent an email to the DEA explaining the facts of his case and asking that his address be removed from the NCLR. The reply he received three weeks later was not encouraging.

An unsigned email from NCLR@doj.gov explained that Valin's address had been listed because of a Clandestine Laboratory Seizure form the DMPD submitted to the DEA following the collection of the backpack.

According to the email, the DMPD officer who filled out the report had checked the boxes for "abandoned lab" and "boxed lab," but didn't include any other information, such as where and how Valin found the backpack.

The email also stated that the DEA was only the "caretaker" of the NCLR site and, again, pointed out that it doesn't perform any sort of verification of submitted forms. According to the email, Valin had a couple of options: persuade the Des Moines, IA police department to contact the DEA and straighten out its paperwork error or have a local health agency declare his home free from drug contamination.

Unsurprisingly, the DEA's suggestions were both dead ends.

The second option isn't possible. No local or state health agencies in Iowa conducts such inspections. The state hasn't even set any standards for what constitutes meth-related contamination.

Valin hasn't had much luck with the first option, either. He's still waiting for a reply to the voicemails he left at the DMPD phone number he was told to call.

The good news is that someone finally decided to do something about this error. Special Agent Eric Neubauer of the El Paso branch of the DEA took the Des Moines Police Dept. investigative report (which detailed the whole chain of events) provided to him by Iowa Watchdog and used that info to delist Valin's home. The DMPD still hasn't explained why the details on its internal investigative report failed to make their way onto the form sent to the DEA -- an omission that put Valin's home on a national "drug lab" watchlist for two years.

Permalink | Comments | Email This Story
]]>helping-out,-getting-hurthttps://www.techdirt.com/comment_rss.php?sid=20140307/11061626482Thu, 13 Feb 2014 10:02:00 PSTDistrict Court Says DEA's Warrantless Access Of Oregon's Prescription Database Is UnconstitutionalTim Cushinghttps://www.techdirt.com/articles/20140212/10133626198/district-court-says-deas-warrantless-access-oregons-prescription-database-is-unconstitutional.shtml
https://www.techdirt.com/articles/20140212/10133626198/district-court-says-deas-warrantless-access-oregons-prescription-database-is-unconstitutional.shtml
Early last year, the news surfaced that the DEA was bypassing Oregon state law by using administrative subpoenas to get around the state's warrant requirement for drug prescription database access. "Administrative subpoenas" are yet another government tool that allows agencies to seek information that would normally require a warrant, but without the hassle of running it past a judge or even showing probable cause.

For the first time, a federal judge has ruled that patients have a reasonable expectation of privacy in their drug prescription records, and that law enforcement must obtain a warrant in order to search such information…

“This is a victory for privacy and for the constitutional rights of anyone who ever gets drug prescriptions,” said ACLU Staff Attorney Nathan Freed Wessler, who argued the case last month. “The ruling recognizes that confidential medical records are entitled to the full protection of the Fourth Amendment. The court rightly rejected the federal government’s extreme argument that patients give up their privacy rights by receiving medical treatment from doctors and pharmacists.”

As the ruling points out, citizens have long associated privacy with medical treatment, something that has gone hand-in-hand dating back to the 4th century B.C.E. and the origin of the Hippocratic Oath. It also points out the obvious: federal law itself (HIPAA) contains built-in privacy protections. (Hence the form you have to sign, the privacy info sheet you're handed on every visit, and signs everywhere telling you to stand behind them for the privacy of the patient in front of you.)

The judge's decision also notes that stripping away this expectation of privacy will have a chilling effect on those seeking medical care, something that could have very adverse effects on the health of people who might avoid seeking treatment because they fear their medical records will be exposed.

As the ACLU notes in its press release, it's not exactly happy the state of Oregon has chosen to create a centralized database of drug prescriptions, but, if it is going to do so, it has at least chosen to take the privacy of those contained in the database very seriously.

This decision strikes a small blow against the government's routine abuse of "exceptions" to warrant requirements as well as against its even more routine abuse of the "third party doctrine," which the DEA actually used to claim that talking to a doctor is no different than dialing a phone. The DEA knows there's a huge difference between these two "third parties" but applying that knowledge means showing probable cause and getting a judge to sign off on the warrant, two aspects it apparently feels only hampers its War on Drugs.

Permalink | Comments | Email This Story
]]>the War on Drugs has no time for your outdated 'rights'https://www.techdirt.com/comment_rss.php?sid=20140212/10133626198Mon, 3 Feb 2014 11:49:00 PSTParallel Construction Revealed: How The DEA Is Trained To Launder Classified Surveillance InfoMike Masnickhttps://www.techdirt.com/articles/20140203/11143926078/parallel-construction-revealed-how-dea-is-trained-to-launder-classified-surveillance-info.shtml
https://www.techdirt.com/articles/20140203/11143926078/parallel-construction-revealed-how-dea-is-trained-to-launder-classified-surveillance-info.shtmlshare info with the DEA and other law enforcement agencies, but then tell them to reconstruct the evidence via a process called "parallel construction," so that the surveillance would not then be discussed in court. This is highly questionable, and probably illegal, as a defendant has the right to know all of the evidence being used against him or her, and should also be told how that evidence was gathered, to make sure the collection was legal. But what's being done with parallel construction, is that the intelligence community is able to give "hints" to law enforcement, allowing them to come up with various pretenses for an investigation, avoiding ever having to reveal that the NSA or others used potentially illegal surveillance efforts. One example given in that Reuters report was how DEA agents would suddenly be given a tip like this: "Be at a certain truck stop at a certain time and look for a certain vehicle." The DEA would then have the local police come up with some pretense to stop the truck... and then when evidence is found they can claim it was a random traffic stop, when the reality is anything but that.

Our friends in the military and intelligence community never have to prove anything to the general public. They can act upon classified information without ever divulging their sources or methods to anyway [sic] outside their community. If they find Bin Laden's satellite phone and then pin point his location, they don't have to go to a court to get permission to put a missile up his nose.

We are bound, however, by different rules.

Our investigations must be transparent. We must be able to take our information to court and prove to a jury that our bad guy did the bad things we say he did. No hiding here. However, we are also bound to protect certain pieces of information so as to protect the sources and methods.

To use it....we must properly protect it.

There are also training materials that discuss how parallel construction works, as well as the fact that in "the new post-9/11" era, a "national consensus" has been formed making it easier for the intelligence community and law enforcement to share information. It even refers to the federal courts as the intelligence community's "nemesis."

A lot of the documentation deals with how to deal with having classified information, and the focus seems to be on keeping that information away from anyone involved in the case. There is -- I kid you not -- a special group of prosecutors called "the Taint Review Team" -- to be called in when things get... well... tainted.

In one part of the presentation, they talk about all sorts of ways to try to get a judge to avoid revealing classified information to defendants, and then have a plan "if all else fails" which includes redoing the indictment or dropping the case. That same presentation shows that there should be a "see no evil" plan -- which explains why DEA agents are often just told "go to this truck stop and look for this truck" without knowing any more. That way they "saw no evil" with evil being defined as questionably obtained intelligence.

It appears that much of the DEA's arguments here rely on the Supreme Court's ruling in 1938 in Scher v. United States, in which a law enforcement agent was told some things by a source, and used that information to find and arrest the defendant handling whiskey (during Prohibition). The court said that how the agent found out about the information doesn't matter, so long as the agent saw illegal acts himself. And thus, the Supreme Court "enabled" the idea of parallel construction. That case pops up repeatedly throughout the documents, basically telling DEA agents: expect information to come from intelligence sources, but do your best to never find out why they know this stuff.

Another presentation asks "what is the problem with combining IC (Intelligence Community) collection efforts & LEA (Law Enforcement Agency) investigations in US courtrooms?" and then explains that it presents constitutional problems... and that "Americans don't like it!"

The note on that one points out that "even though we seek to protect our citizens, generally, we can only use techniques to achieve that objective, which are acceptable to our citizens." But that's not what they're actually doing or teaching. Instead, they're teaching how to keep doing the constitutionally questionable things that Americans don't like... and then hiding it from the courts, the American public and even the law enforcement folks themselves, in order to create a sort of plausible deniability that launders the fact that potentially illegal and unconstitutional surveillance was used to create the basis of the legal case.

There's some more information in the documents, but it all basically points to the same basic thing: the less that law enforcement folks know, the better. If the law enforcement knows too much, call in the "Taint Review Team" to see what they can do to clean up, and see what you can use to get the judge to exclude classified evidence. All in all, it adds up to a nice little plan to allow the NSA to illegally spy on people, tell law enforcement just enough to target people, without ever revealing how they were caught via unconstitutional means.

Permalink | Comments | Email This Story
]]>americans don't like ithttps://www.techdirt.com/comment_rss.php?sid=20140203/11143926078Tue, 3 Sep 2013 07:47:35 PDTAT&T Has Employees Embedded In The Gov't Providing Near Realtime Searches On Nearly Every Phone CallMike Masnickhttps://www.techdirt.com/articles/20130901/23253224379/att-has-employees-embedded-govt-providing-near-realtime-searches-nearly-every-phone-call.shtml
https://www.techdirt.com/articles/20130901/23253224379/att-has-employees-embedded-govt-providing-near-realtime-searches-nearly-every-phone-call.shtmlbig telcos appear to provide tremendous amounts of data to the NSA -- including, basically, call records on every single call ever made. We also discussed how the DEA appears to be getting secret info from the NSA and other intelligence agencies, via its Special Operations Division (SOD), and is then told to effectively launder where it got it's tips from. However, over the weekend, the NY Times broke a huge story about a program called Hemisphere, set up by AT&T and the DEA, such that the DEA and a variety of other law enforcement agencies (including some at state level) have near real-time access to data on every single call that touches an AT&T switch (which goes way beyond cases where one of the parties on the call has an account with AT&T). And this database goes back to 1987 (unlike the NSA which claims to delete most data beyond five years, which may or may not be true). Also, unlike the NSA, this Hemisphere database includes location info.

Oh, and making it even crazier: the government is paying AT&T to have a bunch of AT&T employees embedded with the DEA so that they can respond to requests to search this database faster. The government insists this is no big deal (of course) in part because the "database" is not actually held by the feds, but rather by AT&T. But, really, does that distinction really matter when the AT&T employees who can query it are basically DEA employees -- paid by the US government, working with DEA units? In order to query Hemisphere, the DEA and other agencies apparently just need an administrative subpoena, which is the equivalent of saying the DEA just needs to ask for it. There's no review or oversight by a court or anything.

Furthermore, this seems to totally decimate the argument that the NSA and its defenders were making a few weeks ago, claiming that with the dragnet collection of metadata on all phone calls, it was necessary for the NSA to store this data, because it would take way too long to have the telcos do the searches for the government. They seem to have conveniently left out that there was already a program in place whereby law enforcement folks could walk over to the next cubicle and get the AT&T employee paid for by the government run a search for them with no real oversight.

Also, as with the SOD "leads" it appears that those in law enforcement making use of Hemisphere data are told to launder the use of the database. The PowerPoint presentation (which was revealed -- perhaps accidentally -- in response to a FOIA request) talks about "protecting the program," which includes telling people who use the program "to never refer to Hemisphere in any official document." It also explains how to "wall off" Hemisphere by using the information gleaned via the program to then seek a more regular subpoena for a specific carrier's records. Basically, they use Hemisphere to find out key information and then tell law enforcement to use a different kind of subpoena to pretend the info came out of something different.

Furthermore, it appears they've been expanding the list of law enforcement people who can make use of Hemisphere. Washington state began allowing law enforcement in Washington to make use of Hemisphere, and they seem pretty excited about expanding such access to this massive database -- which adds 4 billion call records every day. While the program is considered "unclassified," the NY Times notes that it does not appear to have ever been mentioned publicly.

The tool is apparently quite good at locating people who are using burner phones and connecting various dots when people abandon one phone and pick up another. Obviously, you can see why such info might be valuable to law enforcement -- especially the Drug Enforcement Agency -- but there are serious questions about whether or not having access to all that data with so little oversight is actually legal. If you thought the NSA's "metadata" database was big, this is much bigger. And almost no one even seemed to know it existed.

Permalink | Comments | Email This Story
]]>forget-the-nsahttps://www.techdirt.com/comment_rss.php?sid=20130901/23253224379Wed, 28 Aug 2013 00:18:28 PDTCongress Asks Eric Holder To Explain Why NSA Supplies DEA Info Which It Then Launders To Go After AmericansMike Masnickhttps://www.techdirt.com/articles/20130827/17564624327/congress-asks-eric-holder-to-explain-why-nsa-supplies-dea-info-which-it-then-launders-to-go-after-americans.shtml
https://www.techdirt.com/articles/20130827/17564624327/congress-asks-eric-holder-to-explain-why-nsa-supplies-dea-info-which-it-then-launders-to-go-after-americans.shtmleffectively launder the information, so that it never came out where they got the information from, and that it didn't show up in any court case. For example, they might send info to the DEA about a likely drug deal, and the DEA would then tell its agents that they should come up with a pretense to stop a certain truck at a certain truck stop at a certain time. The agents would work with local police to concoct a reason to pull the truck over, and voila, drugs found. But, most importantly, at no point would the fact that such information was used to lead to the stop be revealed, and that's unconstitutional. If you're accused, you're supposed to have access to all of the evidence being used against you.

It appears that a bunch of folks in Congress want some answers about this program, and so Eric Holder has been sent yet another letter with questions from a bunch of Senators and Representatives, and there will be yet another briefing where I'm sure he'll promise a full investigation into the practice and maybe promise some internal changes to guidelines, but where nothing will actually change. It really does seem like a very significant portion of Eric Holder's job these days is to respond to the latest scandal of government overreach by promising that he'll fix it, and nothing much ever seems to change.

Permalink | Comments | Email This Story
]]>about-timehttps://www.techdirt.com/comment_rss.php?sid=20130827/17564624327Thu, 22 Aug 2013 20:00:08 PDTWas DEA's Fake Claims Of Not Being Able To Intercept iMessages Part Of Evidence Laundering Efforts?Mike Masnickhttps://www.techdirt.com/articles/20130815/12060524189/was-deas-fake-claims-not-being-able-to-intercept-imessages-part-evidence-laundering-efforts.shtml
https://www.techdirt.com/articles/20130815/12060524189/was-deas-fake-claims-not-being-able-to-intercept-imessages-part-evidence-laundering-efforts.shtml
However, I was recently reminded of a story from just a few months before all of these revelations started coming out -- in which a DEA memo was "leaked," in which the DEA complains that Apple's iMessage encryption had "stymied" DEA agents from being able to spy on conversations. Except, as many people noted, this was clearly not true, because the iMessage encryption is not truly end-to-end. Apple holds the key itself, so the DEA can easily get the decrypted messages via Apple. Most of the assumptions were that this bogus memo was leaked either to try to get even more legal justification for requiring back doors in all communications technology, or to try to lull drug runners into believing iMessage was safe when it's clearly not.

Of course, now I'm wondering if there's even more to it: given that it's now been confirmed that DEA staff have been told to fake things to cover up where investigations originated, perhaps the letter was part of a laundering effort to hide the fact that some key breaks came from decrypted iMessage conversations that the government had been snooping through...

Permalink | Comments | Email This Story
]]>questions,-questionshttps://www.techdirt.com/comment_rss.php?sid=20130815/12060524189Thu, 8 Aug 2013 07:42:43 PDTIRS Also Secretly Got Intelligence Info And Was Told To Launder ItMike Masnickhttps://www.techdirt.com/articles/20130807/17003624104/irs-also-secretly-got-intelligence-info-was-told-to-launder-it.shtml
https://www.techdirt.com/articles/20130807/17003624104/irs-also-secretly-got-intelligence-info-was-told-to-launder-it.shtmlsharing information with other government agencies -- mainly via the DEA's Special Operations Division (SOD) and then telling those who use that info to do law enforcement work to "launder" their own investigation to hide where they got the information from. The example given was that, perhaps, the FBI or the NSA might provide the SOD with information about a truck likely to have drugs. SOD then tells other DEA agents to look for "this kind of truck in this truck stop," and then the DEA has local police stop the truck on a traffic violation, leading to a "random" search and voila, drug trafficker arrested.

A 350-word entry in the Internal Revenue Manual instructed agents of the U.S. tax agency to omit any reference to tips supplied by the DEA's Special Operations Division, especially from affidavits, court proceedings or investigative files. The entry was published and posted online in 2005 and 2006, and was removed in early 2007. The IRS is among two dozen arms of the government working with the Special Operations Division, including the Federal Bureau of Investigation, the National Security Agency and the Central Intelligence Agency.

An IRS spokesman had no comment on the entry or on why it was removed from the manual. Reuters recovered the previous editions from the archives of the Westlaw legal database, which is owned by Thomson Reuters Corp, the parent of this news agency.

This is almost certainly unconstitutional, as a due process violation, by hiding the evidence used to arrest someone. Furthermore, even if you think that it's reasonable that if the FBI or NSA comes across some details of, say, a tax cheat or a drug deal, that they should pass that info along to a relevant agency, at best you could make an argument that this made sense when those investigations were narrow and targeted at wrongdoing. Yet, as we've seen, surveillance capabilities for both the NSA and FBI have been expanding rapidly, such that nowadays they're collecting information on absolutely everyone. When you have information on everyone, it's not hard to construct "patterns" that can be passed along to various agencies for the purpose of directly targeting individuals. The risk of abuse of this kind of information gathering and information sharing is tremendous.

Permalink | Comments | Email This Story
]]>this-isn't-going-to-end-wellhttps://www.techdirt.com/comment_rss.php?sid=20130807/17003624104Wed, 7 Aug 2013 03:52:56 PDTNow That It's Been Exposed, DOJ Plans To 'Review' Information Sharing With DEAMike Masnickhttps://www.techdirt.com/articles/20130806/20591424089/now-that-its-been-exposed-doj-plans-to-review-information-sharing-with-dea.shtml
https://www.techdirt.com/articles/20130806/20591424089/now-that-its-been-exposed-doj-plans-to-review-information-sharing-with-dea.shtmlgive the DEA info through its SOD -- Special Operations Division -- and then DEA agents are instructed to "launder" where they got the info from, so they don't have to reveal to the people they arrest how they were caught. This is almost certainly illegal, as the discovery process is pretty clear that the government needs to turn over its evidence. In the article, DEA officials seemed almost cavalier about the whole thing, noting that they'd been doing it for decades. Of course, now that it's public, it took all of a day for the DOJ -- which clearly has known about this all along -- to say that it's now reviewing the program:

The Justice Department is reviewing a U.S. Drug Enforcement Administration unit that passes tips culled from intelligence intercepts, wiretaps, informants and a large telephone database to field agents, White House Press Secretary Jay Carney said Monday.

Reuters also points out that the DEA officials they had interviewed claimed that the DOJ had reviewed the program regularly, and deemed it legal. The fact that the DOJ is suddenly kicking off a new "investigation" the day after the program becomes public is really questionable -- but par for the course. Over the last few months, as we've seen revelation after revelation of very questionable law enforcement and data collection practices by the government, each time we're first told this is "no big deal" and then when the feds realize that no one's buying that, suddenly they need to "review" the program.

Gee... it's kind of like when they keep all this stuff totally secret, it doesn't receive the level of scrutiny that it really needs, huh?

Permalink | Comments | Email This Story
]]>oh-sure,-now-they-review-ithttps://www.techdirt.com/comment_rss.php?sid=20130806/20591424089Mon, 5 Aug 2013 11:26:16 PDTDEA Not Only Gets Intelligence Data, But Then Is Instructed To Cover Up Where It Gets The InfoMike Masnickhttps://www.techdirt.com/articles/20130805/10035024070/dea-not-only-gets-intelligence-data-then-is-instructed-to-cover-up-where-it-gets-info.shtml
https://www.techdirt.com/articles/20130805/10035024070/dea-not-only-gets-intelligence-data-then-is-instructed-to-cover-up-where-it-gets-info.shtmlwanting data from the NSA. The NY Times story claimed that the NSA was regularly turning down such requests. Except... this morning Reuters broke the news that the NSA, along with the CIA, FBI, IRS and Homeland Security, are actually funneling data to the Drug Enforcement Agency (DEA) and (even worse) the DEA is then instructed to lie about where it gets the evidence.

The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses.

"I have never heard of anything like this at all," said Nancy Gertner, a Harvard Law School professor who served as a federal judge from 1994 to 2011. Gertner and other legal experts said the program sounds more troubling than recent disclosures that the National Security Agency has been collecting domestic phone records. The NSA effort is geared toward stopping terrorists; the DEA program targets common criminals, primarily drug dealers.

"It is one thing to create special rules for national security," Gertner said. "Ordinary crime is entirely different. It sounds like they are phonying up investigations."

As the article notes, the DEA doesn't just hide the actual details from those they're prosecuting, but even from judges and US attorneys in the Justice Department. Basically, it looks like the NSA is illegally giving the DEA info, and then the DEA is figuring out ways to pretend it got that info from legal sources. That goes way, way, way beyond what is supposed to be happening.

"Remember that the utilization of SOD cannot be revealed or discussed in any investigative function," a document presented to agents reads. The document specifically directs agents to omit the SOD's involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are instructed to then use "normal investigative techniques to recreate the information provided by SOD."

And this isn't just for extreme cases either. Reuters says that two separate senior DEA officials said that this technique "is used almost daily." As the Reuters report explains, the info from the NSA might, for example, highlight a particular vehicle that may be involved in a drug effort (remember, the NSA isn't supposed to collect or look at info on things happening in the US), and then DEA officials will be told something like "look for this vehicle in this place." The DEA will then ask "state police to find an excuse to stop that vehicle," leading to a search. Then they later claim that the arrest and finding drugs came because of a "routine traffic stop" rather than NSA surveillance dragnet efforts.

There's a lot more in the article, including a variety of DEA officials insisting that there's nothing wrong with this sort of thing... balanced out by a variety of defense attorneys pointing out that it's unconstitutional to hide where information for an investigation came from. It is a fundamental aspect of basic due process that those accused of crimes get the details of the evidence and the investigation that lead to their arrests. That the DEA appears to be actively covering up this information, and that it's been standard operating procedure for decades, is immensely troubling.

Permalink | Comments | Email This Story
]]>wowhttps://www.techdirt.com/comment_rss.php?sid=20130805/10035024070Fri, 5 Apr 2013 10:55:00 PDTDEA Accused Of Leaking Misleading Info Falsely Implying That It Can't Read Apple iMessagesMike Masnickhttps://www.techdirt.com/articles/20130405/01485922590/dea-accused-leaking-misleading-info-falsely-implying-that-it-cant-read-apple-imessages.shtml
https://www.techdirt.com/articles/20130405/01485922590/dea-accused-leaking-misleading-info-falsely-implying-that-it-cant-read-apple-imessages.shtmlmessages sent via Apple's own iMessage system were untappable and were "frustrating" law enforcement. Here's a snippet from that article:

Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.

An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge.

CNET posted an image of the letter:

In reading over this, however, a number of people quickly called bullshit. While Apple boasts of "end-to-end encryption" it's pretty clear that Apple itself holds the key -- because if you boot up a brand new iOS device, you automatically get access to your old messages. That means that (a) Apple is storing those messages in the cloud and (b) it can decrypt them if it needs to. As Julian Sanchez discusses in trying to get to the bottom of this, the memo really only suggests that law enforcement can't get those messages by going to the mobile operators. It says nothing about the ability to get those same messages by going to Apple directly. And, in fact, in many ways iMessages may be even more prone to surveillance, since SMS messages are only stored on mobile operators' servers for a brief time, whereas iMessages appear to be stored by Apple indefinitely.

That leads Sanchez to wonder if there might be some sort of ulterior motive behind the "leaking" of this document, done in a way to falsely imply that iMessages are actually impervious to government snooping. He comes up with two plausible theories: (1) that this is part of the feds' longstanding effort to convince lawmakers to make it mandatory that all communications systems have backdoors for wiretapping and (2) that it's an attempt to convince criminals that iMessages are safe, so they start using them falsely believing their messages are protected.

Which brings us to the question of why, exactly, this sensitive law enforcement document leaked to a news outlet in the first place. It would be very strange, after all, for a cop to deliberately pass along information that could help drug dealers shield their communications from police. One reason might be to create support for the Justice Department’s longstanding campaign for legislation to require Internet providers to create backdoors ensuring police can read encrypted communications—even though in this case, the backdoor would appear to already exist.

The CNET article itself discusses this so-called “Going Dark” initiative. But another possible motive is to spread the very false impression that the article creates: That iMessages are somehow more difficult, if not impossible, for law enforcement to intercept. Criminals might then switch to using the iMessage service, which is no more immune to interception in reality, and actually provides police with far more useful data than traditional text messages can. If that’s what happened here, you have to admire the leaker’s ingenuity—but I’m inclined to think people are entitled to accurate information about the real level of security their communication enjoy.

While both scenarios are plausible, both seem fairly cynical as well. I'd like to think that law enforcement is above attempting such tricks, but unfortunately that might just be naive these days.

Permalink | Comments | Email This Story
]]>that's-not-the-truthhttps://www.techdirt.com/comment_rss.php?sid=20130405/01485922590Mon, 4 Feb 2013 08:45:46 PSTDEA Circumventing Oregon State Law To Grab Medical Records Without A WarrantTim Cushinghttps://www.techdirt.com/articles/20130201/12063221855/dea-circumventing-oregon-state-law-to-grab-medical-records-without-warrant.shtml
https://www.techdirt.com/articles/20130201/12063221855/dea-circumventing-oregon-state-law-to-grab-medical-records-without-warrant.shtmlall without warrants), along comes the news that another agency is looking to get just a little more.

Records of the prescription medications we take can reveal some of the most private and sensitive information about us. Knowing that a person self-administers prescription testosterone injections can reveal that he is a transgender man undergoing hormone replacement therapy. Knowing that someone takes Xanax, Valium, or other anti-anxiety medications can reveal a diagnosis of mental illness. If a person is on Marinol, a medication containing synthetic THC, she is likely fighting weight loss associated with AIDS. A prescription for a narcotic painkiller such as codeine or oxycodone might indicate a chronic or terminal illness. Ritalin and Adderall are associated with treatment of Attention Deficit Hyperactivity Disorder.

The state of Oregon tracks prescriptions like these for several good reasons: to prevent drug overdoses and cut down on substance abuse. While it would seem the DEA should be able to access the records carte blanche because of the latter concern, Oregon has made the right move and added a warrant requirement in order to protect patients' information. The DEA, like many other government agencies (*coughFBI*), has been using administrative subpoenas to circumvent this requirement.

Fortunately, the state of Oregon is fighting back, with some help from the ACLU.

The State of Oregon sued the DEA in federal court to defend its right to require law enforcement, including federal agencies, to obtain the warrants required by state law. Today, the ACLU filed a motion to intervene in the case on behalf of several patients and a doctor whose prescription records are contained in the PDMP. Our clients are concerned that the privacy of their medical information will be violated if the DEA is allowed to search through prescription records without a warrant. If the DEA can demonstrate to a judge that it has probable cause to believe that a crime has been committed and that prescription records will provide evidence of that crime, then it can legitimately obtain records from the PDMP. Because prescription records and the medical information they reveal are such a sensitive matter, protecting their privacy is vital, and we argue that obtaining private and confidential prescription records without a warrant constitutes an unreasonable search in violation of the Fourth Amendment.

The ACLU points out that the "third-party doctrine" is being used to portray information provided to a doctor or pharmacist as exempt from warrant requirements. Courts have shown in the past that information turned over to a third party is no longer protected by the "reasonable expectation of privacy." This is a false equation, the ACLU states:

We disagree with this principle—but even on its own terms, the third party doctrine should not apply here. Medical records are different than the trash we put out on the curb, or the canceled checks we provide to our bank, or the electrical usage records we transmit to the power company. The information we share with our doctors and pharmacists can be some of our most private information. Just because we trust our doctors with our medical information doesn’t mean the DEA should be able to easily access it too.

Barbara Alice Mahaffey died of colon cancer in her bedroom last May. [Vernal, UT resident] Ben D. Mahaffey, 80, said he was distraught and trying to make sure his wife's body would be taken to the funeral home with dignity, when he says officers insisted he help them look for the drugs.

"I was holding her hand saying goodbye when all the intrusion happened," he told the Deseret News.

Barbara Mahaffey died at 12:35 a.m. with Mahaffey, a Navy medic in the Korean War, and his friend, an EMT, at her side. In addition to police, a mortician and a hospice worker arrived at the home about 12:45 a.m., Mahaffey said. He said he doesn't know how police came to be there.

Mahaffey said he was treated as if he were going to sell the painkillers, which included OxyContin, oxycodone and morphine, on the street.

Yep. If your loved ones use certain painkillers, you can expect to be raided at any time, especially if they've just passed on, leaving behind a treasure trove of highly marketable controlled substances. But don't worry, Vernal City Manager Ken Bassett would expect nothing less than a raid by Vernal's finest during the final moments of his loved ones' lives:

In his suit, Mahaffey alleges that Vernal City Manager Ken Bassett told Mahaffey he was being "'overly sensitive' and that police were just trying to protect the public from illegal use of prescription drugs." The suit also alleges that Bassett then told Mahaffey "his own parents had recently died and he wouldn't have cared had police searched their house for drugs."

Also noted: this is "common practice" for Vernal police, although it's often "selectively applied." Yay! A badly written law, randomly enforced and noxious from any angle, that latter of which perfectly describes the DEA's attempt to circumvent patient privacy by exploiting a few loopholes.

Permalink | Comments | Email This Story
]]>you-can-only-take-my-information-for-so-long,-until-you-take-it-allhttps://www.techdirt.com/comment_rss.php?sid=20130201/12063221855Tue, 28 Aug 2012 07:13:55 PDTDEA Gets Lawsuit Dismissed Because It Couldn't Cope With Two Terabytes Of EvidenceMike Masnickhttps://www.techdirt.com/articles/20120827/01285120164/dea-gets-lawsuit-dismissed-because-it-couldnt-cope-with-two-terabytes-evidence.shtml
https://www.techdirt.com/articles/20120827/01285120164/dea-gets-lawsuit-dismissed-because-it-couldnt-cope-with-two-terabytes-evidence.shtmlbecause the DEA was sick of storing all of the evidence, both electronic and paper. How much evidence?

More than 400,000 documents and two terabytes of electronic data that federal authorities say is expensive to maintain....

[....] "Continued storage of these materials is difficult and expensive," wrote Stephanie Rose, the U.S. attorney for northern Iowa. She called the task "an economic and practical hardship" for the Drug Enforcement Administration....

[....] The evidence took up 5 percent of the DEA's worldwide electronic storage. Agents had also kept several hundred boxes of paper containing 440,000 documents, plus dozens of computers, servers and other bulky items.

Two terabytes is enough to store the text of 2 million novels, or roughly 625,000 copies of "War and Peace."

None of this makes much sense. You can pick up a two-terabyte drive for a little over $100 (I was just looking to pick up a couple for a backup system). The fact that it can store 2 million novels is meaningless. The idea that it's expensive to store that much seems silly -- as does the claim that 2 terabytes represents 5% of the DEA's "worldwide electronic storage." I recognize that government procurement is a ridiculous process, but if there's any truth to this, then the DEA is even more dysfunctional than originally believed.

As Scott Greenfield noted in the link above:

The revelations from this motion, if true, are amazing and appalling. Given the scope of electronic data involves in investigations, the claim that two terabytes constitutes five percent of the DEA's storage capacity is laughable. It suggests that they're screwing with us, and have no ability to do 90% of the things they claim or we fear they're up to.

Indeed, while we worry about their creating mirror images of hard drives of thousands of computers, or obtaining digital evidence from hundreds of thousands of cellphones, this isn't conceivably possible if the total storage capacity of the DEA is 40 terabytes. It just can't be.